Overview
In July 2024, Liquidium underwent a comprehensive security audit conducted by Scalebit, a trusted blockchain security firm. The audit was designed to ensure the security and robustness of Liquidium's core Bitcoin logic and peer-to-peer lending platform, focusing on Discreet Log Contracts (DLCs), multi-signature (multisig) escrows, and Partially Signed Bitcoin Transactions (PSBT).
Audit Details
Audit Firm: Scalebit (Twitter)
Audit Period: July 2, 2024 – August 15, 2024
Audited Areas:
Bitcoin-based technologies integral to Ordinals, Runes, and BRC20 lending/borrowing.
Key components of Liquidium’s core architecture and oracle mechanisms.
Methods: The audit employed a combination of:
Dependency checks
Static code analysis
Manual code reviews
Key Findings
The audit reviewed the entire architecture and processes related to Liquidium’s peer-to-peer lending protocol. A total of 11 issues were identified, categorized by severity:
Critical Issues: 2 (both resolved)
Major Issues: 2 (both resolved)
Medium Issues: 3 (2 resolved, 1 acknowledged)
Minor Issues: 2 (1 resolved, 1 acknowledged)
Informational Issues: 2 (both resolved)
No critical issues were left unresolved, and all other identified issues were either resolved or acknowledged as non-blocking.
Security Strengths
The audit confirmed the security of Liquidium's key components, including:
Bitcoin Logic: The audit verified that Liquidium's system uses secure, decentralized escrow mechanisms via multisig.
DLC and PSBT: Both technologies were reviewed for potential vulnerabilities, with the audit confirming the system’s strength in handling Bitcoin transactions securely, while ensuring that the 2-of-3 multisig model, which includes the oracle, provides a balanced approach to decentralization and trust.
Core Lending Logic: The foundational logic for Ordinals, Runes, and BRC20 lending was found to be secure and robust for peer-to-peer lending activities.
Conclusion
The audit by Scalebit found no critical vulnerabilities that compromise Liquidium’s platform. All identified issues were promptly addressed to ensure the system remains secure for users.